As a pen testing enthusiast, this device is high on my "Awesome stuff-o-meter".

Quote

The Power Pwn may look like an ordinary power strip, maybe with an included surge protector, but it's far from it. Network administrators and IT staff in general need to be wary of this one: it can do much more than meets the eye.

The Defense Advanced Research Projects Agency (DARPA)'s Cyber Fast Track program helped funded the development of the Power Pwn. Pwnie Express, which developed the $1,295 gizmo, says it's "a fully-integrated enterprise-class penetration testing platform." That's great, but the company also notes its "ingenious form-factor" (again, look at the above picture) and "highly-integrated/modular hardware design," which to me translates to: it's the perfect tool for hacking a corporate network.

I don't know which part is more clever. The device itself - or the fact some enterprising contractor suckered the US government into shelling out $1,295 apiece for a device that should sell for something more like $400-$600 worst case.

Things like this can keep sysadmins up at night since the same thing could be used for much more nefarious purposes like setting up 'man in the middle' type spoofs, hiding secret file servers (linked to a Dropbox account), planting remotely controlled timebomb machines to gum up the internal network with bogus packets (watch the IT dudes go crazy trying to figure out how the packets are supposedly making it in through the firewall), ...oh...the mind boggles. Especially since end-to-end encryption is the exception rather than the rule in most places. LANs tend to be pretty open and less monitored than the WAN and gateway traffic usually is. Once you're in - you're *IN* - on many LANs. And a so-called passive sniffing setup is also very doable, making these things very hard to detect.

A couple of night cleaning people armed with a handful of these babies to leave behind could 'clean' a lot more than just the wastebaskets and rugs.

Oh well! There's no rest for the wicked. One more thing to be aware of. And check for.

Adding more security to a LAN will result in a lot more calls to the IT department with people complaining that they cannot work (efficiently) anymore.

Last week I had to use a properly locked down LAN, but required access to a database on another separated subnet from that LAN. Because of time pressure Not only me but a senior programmer, a senior DBA and me had to work almost a full work day just to recreate an environment where we could investigate.

In an open LAN this job would have taken me alone at most 2 hours.

Security and an efficient workflow do not match. Besides, trust needs to start somewhere and that implicates there is immediately an opportunity to misuse it.

Pwnie Express is happy to announce the initial release of Raspberry Pwn! Security enthusiasts can now easily turn their Raspberry Pi into a full-featured security penetration testing and auditing platform! This fully open-source release includes the following testing tools:

And corporate wonders why I've requested the worker's handbook be amended to say that anyone who connects hardware not approved by the IT department to the company network should receive disciplinary action.

Cause all it takes is one bad apple, and your entire network gets pwnt.

Of course the brass doesn't care about that, after all its my job to keep it alive no matter what. Just, they certainly don't put any effort into making my job easier.

Of course the brass doesn't care about that, after all its my job to keep it alive no matter what. Just, they certainly don't put any effort into making my job easier.

Around here the brass are the ones most likely to plug in some dumb shit and take the network down. Like the day 'Our Leader X' decided to plug a dangling cable into the switch (and. not. tell. anybody...) because they couldn't figure out why it wasn't/didn't "appear to Go anywhere"...(as it's such a bitch to trace a 3' cable, to find out it was already plugged into self same switch)... That shit cost me an hour trying to figure out why half the network had gone black.

I seriously considered strangling then with said cable when the issue was found.